Hopefully this is the right section to post in... but anyway, here is the problem: I work for a company and the owner recently fired the head IT guy (last Friday). Basically, there is a situation brewing in which the head IT guy will not give us the administrator password for the network. Along with this, the boss in worried that he may log in via remote desktop and mess around with files such as accounting records, inventory records, or just sabotage the whole system. Now the other question I have is how I should go about disabling the remote desktop connection first and foremost. We also need to get the administrator account information for the network. I have physical access to all computers in the network, and I have client logins for all the employees. The only issue is that none of the employee logins have administrative privileges, so I can't install / uninstall software etc. The network server is old and running on Windows Server 2003. All clients on the network are running Windows XP. Any suggestions? Thanks!
Use ERD Commander 5.0 to reset the password. (search for "Microsoft Desktop Optimization Pack 2010-SPYRAL" in piratebay. It includes ERD Commander 5.0) Login to your hardware firewall and/or NAT router and close all incoming ports. Remove all "port forwardings" also. TCP port 3389 is the most important, you must block it. Please take a note of everything in a piece of paper before you delete or modify anything, just in case something goes wrong and you have to restore the previous values!
Why would 3389 be the most important? Because it is M$ RDP? And what about all the other remote controll software that real admin would use? Also you need to know the password to the FW unit before you can login to it to disable anything... sebus
Well, it's commonly used because it comes with Windows so it doesn't cost extra. Most of the windows servers I've seen are managed with Remote Desktop (as long as they don't have special hardware like HP iLO or IBM Remote Supervisor) Nevertheless, it's much more important to configure the Firewall and/or router. If they don't have the password, he can just tell us the model and manufacturer of the device, there's usually a way to reset the admin password from the console.
Not the wrong section to post but the wrong FORUM to post. Just either call the police or fire him that's all !!!
Best solution also is to use MRI and use password reset to login to the server's local admin account and modify the accounts that way. You can always recover a password with the proper tools but the MRI way is the easiest because it will delete the administrator password all together.
Is this for a domain? If so I don't believe any of the techniques here so far will give you the domain admin password, only local admin over member servers and any clients. Local admin on a domain controller only works when you are in directory restore mode, but then you won't have access to the active directory database to reset any passwords there. You would need the domain admin account to modify active directory with new users, adding new computers to the domain and such.
Hiring such a vindictive person to such a position of trust seems to be the root problem, to me. That, or firing them in such a manner as to provoke this reaction. Either way, assuming said person is at all competent, I'm afraid the only real solution would be to hire someone better (and I hope, here, that the cause of the firing was not cost cutting. If it was, well, SOL comes to mind) ASAP and drop the problem in their lap. There will be a small, hopefully invisible, war and things will eventually be fixed. Assuming no encryption, mines and timebombs... In short, best of luck with that!
People.... If you EVER have to fire anybody, make sure you do take care of this before hand, not after you fire him.. I have seen some pretty fubared solutions where IT techs got on phones, personal email and used a keylogger to get even more information and something called a "blackhole" DO NOT FIRE SOMEONE BEFORE YOU HAVE PROTECTION ALREADY IN PLACE. If you need to change/obtain domain/AD passwords, just tell the IT guy that the boss was reading a scary article and everyone needs to change the passwords now and every week or something. And get a smart card encryption device. Mostly, NEVER GIVE FULL RIGHTS to IT unless you know for an absolute fact that they will not try and go for blood. This would really only apply to law enforcement or any other government job. Always keep the Password recovery disc in the Owner's safe and one at the local banks deposit box. Better even yet, the boss is responsible for his admin password and AD password. Never leave your business or company in the hands of an underling. EVER.
The simple thing to do in this situation is call the police. Regardless of this guys situation, the fact is doing what he's doing is not legal and jail time, lawsuits and fines can follow. My advice would be to ask him one more time, with the tone of "we would like to resolve this peacefully, however, we have legal council and they've advised taking you to court along with contacting the authorities, which we prefer not to do." I'd figure, if he were smart, he'd realize this battle could cost him his assets and freedom if any data was stolen or destroyed and to do 5-10 years in jail just to prove a point is not time well spent in my opinion. He'd be better served cutting his losses and moving on. If anything, had he received ill treatment from your company and not did this, he could have potentially had a suit against your company for firing him if it seemed like an unfair or discriminitive decision, and with the economy as it is, he could have possibly had an argument and a leg to stand on.